Remove federated:id from scopes before passing it on

philips-forks · Jul 8, 2024 · 4751cae · 4751cae
1 parent 6a05098
commit 4751cae
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/connector/hsdp/hsdp.go b/connector/hsdp/hsdp.go
@@ -111,7 +111,8 @@ func (c *Config) Open(id string, logger *slog.Logger) (conn connector.Connector,
 
 	scopes := []string{oidc.ScopeOpenID}
 	if len(c.Scopes) > 0 {
-		scopes = append(scopes, c.Scopes...)
+		filtered := removeElement(c.Scopes, "federated:id") // HSP IAM does not support scopes with colon
+		scopes = append(scopes, filtered...)
 	} else {
 		scopes = append(scopes, "profile", "email", "groups")
 	}
@@ -434,3 +435,14 @@ func (c *HSDPConnector) createIdentity(ctx context.Context, identity connector.I
 
 	return identity, nil
 }
+
+// removeElement removes an element from a slice. It works for any ordered type (e.g., numbers, strings).
+func removeElement[T comparable](slice []T, elementToRemove T) []T {
+	var newSlice []T
+	for _, item := range slice {
+		if item != elementToRemove {
+			newSlice = append(newSlice, item)
+		}
+	}
+	return newSlice
+}